Vulnerability Description
An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user. Also an attacker can easily connect to the TELNET daemon using the default credentials if they have not been changed by the user.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moxa | Awk-3121 Firmware | 1.14 |
| Moxa | Awk-3121 | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-DisclExploitThird Party AdvisoryVDB Entry
- https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121Third Party Advisory
- https://seclists.org/bugtraq/2019/Jun/8Mailing ListThird Party Advisory
- http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-DisclExploitThird Party AdvisoryVDB Entry
- https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121Third Party Advisory
- https://seclists.org/bugtraq/2019/Jun/8Mailing ListThird Party Advisory
FAQ
What is CVE-2018-10698?
CVE-2018-10698 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff t...
How severe is CVE-2018-10698?
CVE-2018-10698 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-10698?
Check the references section above for vendor advisories and patch information. Affected products include: Moxa Awk-3121 Firmware, Moxa Awk-3121.